WSUS offline update is a must.

Introduction

"...since security, time and bandwidth are money. "
This is the slogan that accompanies the presentation of this great freeware project from 2009.
Everyone knows the meaning of WSUS (Windows Server Update Services), and is synonymous with Windows Update for those involved in IT administration.
Both of them work via the network: internal in the first case, the Internet in the second case.
But what happen if some computers are still disconnected from the network, stubbornly stand-alone?
Technicians in this group have given a very good third option.
I'm surprised at the strength of this tool, which allows you to download free updates locally, and to distribute them safely even from computers that would otherwise be helpless in the face of threats that exploit well known vulnerabilities of the system.
Before we begin, I want to clarify that I am not in any way associated with the developers of this utility.

Steps
(8 total)

1

How we begin

The first step is to download the latest version from the website:
http://download.wsusoffline.net/We decide where we want to place it.
There are no installer to do, just place the folder on a hard drive large enough (it takes about 15 GB of space, if we are to download only one language for each operating system and office version).
UPDATE: 02/13/2015 the total size of the folder for all supported systems from ver. 9.5.2 comes with over 20 GB.
It is usual KISS rule: you will not regret keeping ONLY the ones you actually use.
There you will gain in terms of speed, space and maintenance.
For those who are familiar with WSUS, you will find this convenient space requirement, but it is a choice to restrict updates to those super-sedated.
So we see from "explorer" to the folder you created and we start the first download session using "UpdateGenerator.exe." .
By starting the application (of course with administrator rights), the program possibly indicates the presence on the site of a new version, and if you want to update it. This occurs at a rate of a few months, and it guarantees the viability of the support in place. It is down from the first point, but of course retaining the previous discharges, to avoid losing any more time.
At each discharge of a new version, we are kindly invited to make a donation optional, part of which will go to a charity. Take your accounts, and do not be stingy!
We select the operating systems and applications that we are interested in updating.
One tip: for the first time you care to choose an operating system and only a single language and a version of office, just to make sure durations.
Obviously will last a long time, as it is to create from scratch.
Finally you can choose to align to this also a folder connected externally, for example via a USB disk, which we can use from time to time on the computer off-line.
I highlighted in red a choice that allows you to prepare ONLY a reduced image, without the need to download (as it is later warned by the application): is very useful to reduce the size, such as a USB stick, knowing the need of the hour.

2

How does the download.

At each start of the application, it creates a series of commands in DOS, which go to make our needs (depending on the options selected).
Everything proceeds automatically, without any further requests until the end of downloads.
The only thing we see is a DOS session that starts in various activities: at the end we can check a log file to check that everything is successful.
It brings every event since you started these procedures, with date and time, as befits any good log file.
A look every now and then, just out of curiosity.
Of course, all this must be done on a computer that is able to surf the internet and that should not be restarted frequently, considered the overall duration rather high.
At the end you will have the reporting of any errors, and the request to check the LOG of the download sequence.
Do it, and try to clean up the reports more old-growth, to keep only what is necessary.
The creation of the overall container for updates does not provide for an automatic restart.
In this case, if you wanted to leave your computer unattended and activate an automatic shutdown, you should proceed empirically by calculating the timing of the end of work (approximately inferring from the previous log file) and activating a shutdown planned at a later time from the control panel.
You'll see the log file tomorrow morning, providing all gone right...

3

How the magic happens.

After the download is complete, we will have a large number of updates, which usually are in the subfolder "client".
This alone would be enough to bring the updates around you: for example, you could share it between computers in your group or domain, and point to it from the computers that require proper attention.
Or you may decide to bring this only in an external drive, to be connected from time to time, provided that you do not have decided to create the external media or ISO files simultaneously to the discharge of updates.
Inside will also find "UpdateInstaller.exe".
This will start the corresponding program for updates.
Right click / Run as administrator.
Possibly (if from a USB disk) will be asked to confirm your choice, specifying to run in a non-protected, out of the sandbox.
As all of us know, also just bought a computer needs to patch: is the game of Microsoft.
As for an old computer that requires XP, normally you do a re-install with SP3.
To this we must add at least 155 other patches before the system can be considered up to date, only the supersedated patches for an installation time of over 3 hours (yes, you used much less time to install the operating system, drivers and applications).
If we do not have connections to the Internet or do not have a sufficient bandwidth, WSUS offline can conveniently come in handy.
Running our valuable application we will update this operating system with the latest patches released, using a commonly used USB disk.
This involves two more hours of processing, but fully automated, as for download.
Selecting the options "Automatic reboot and recall", we can do all automated:WSUSoffline will make a temporary administrator user called WOUTempAdmin to fit the purpose.
WARNING: I have experienced the tedious complications of running Vista systems automatically restart, so in this case try to avoid this choice, as it would have serious difficulties to remove the user WOUTempAdmin.
If you prefer to use inexpensive media, you can also create ISO to burn a DVD for each operating system that you have in the company, in order not to risk viral infections in the USB disk or shared folder.

4

Why use this program?

Often the computer in the domain are restricted to browsing on the internet, so it is to enslave a WSUS server to perform the necessary patches.
At least at the beginning will be more convenient in terms of network traffic to perform the updates by this mechanism, and then take over later with a maintenance system.
In addition, for small or very small reality (shops, dealers, repairers) this need not justify a dedicated server.
We can certainly do this service by simply connecting a drive and letting go our little magic.
This is typically the strategy that the installer does not want to monitor your computer during the upgrade process.
Once it is off, the work is done: it can work even after working hours, without anyone should be monitored.
Being restricted to patch super quiet if we are to navigate with your computer will be appropriate and advisable with Windows Update or from a WSUS server, as soon as is possible.
Obviously we will get updates only for Microsoft operating systems and MS applications attached.
At the beginning of the new year 2013, version 8.0 also supports Windows 8.
UPDATE: April 24, 2014 at ver. 9.2 get to manage Win8.1 update 1.

For those who harbor a boundless confidence in the instrument Removal Malware (for friends KB890830): our application instead considers it not to download and install it. You'll have to do it on your own, in the way that you feel appropriate.
In my humble opinion, when it comes to a computer that has lived a long time without getting the necessary updates and if you have the time, you should run this tool for a thorough check. It will be tedious but important to exclude possible risks and not to lose time doing work that would lead us to start over anyway, maybe deleting hours of application.
In my folder I always have two versions 32 and 64 bit.
Takes a long time, but I prefer to perform full scans for added security.

5

Tricks and Strategies

There are several ways to manage this precious resource.
Here are some possible ways to manage it.
Create folders for a number of ad hoc computer similar: for example, Windows 7 64 bit and Office 2010.
Just select ONLY the two boxes of interest and the option to create only the ISO / USB, taking care to specify a different folder than the one where you have the program.
Start the application, which will warn you of the anomaly.
This will create a folder similar to the \Client only for the required products, but lighter.
Another exception to MS Security Essentials: although they may perform the installation and updates, this program requires the presence of the validation of the copy of the operating system, which must be performed by the computer through Microsoft Sites.
In cases of computer confined, this implies at least the first necessity of connecting them to the Internet, in one way or another. Know this.

To date have assisted versions still managed and maintained by Microsoft, so goodbye XP or Office 2003: make the necessary considerations.
In these unfortunate circumstances I have retained a separate folder, updated until April 2014, and a series of recommendations to those who persist to use antiquated systems and programs!

To prevent tampering or any unpleasant surprises if you plan to leave the computer unattended in the update, do not leave connected to the monitor or the USB drive, and make sure you do not turn off your computer or take away the electric current. Avoid unpleasant temptations to those who observe your operations.
And I say this from experience.
It is a real risk that could arise after you restart the computer, preventing the temporary user deactivation.
If possible, use a lab under lock and key.
To stop the operations in progress, simply the usual Ctrl+C, with the necessary confirmation.
This has an effect both on the discharge upgrades session on both the update itself.
However, it is inadvisable during the update, and still better to carry out a reboot of control.
If you use Spiceworks, you will highlight updates made on the computer.
Remember to activate the update for those applications necessary and actually installed, the program is built well, but has no foresight, and you can not upgrade applications that are not installed, or installed with atypical procedures (eg Portable) or are not supported by the operating system.
The time now is widely covered and updated Microsoft applications only, and is not expected to extend to other areas (eg, Java, Acrobat, Firefox, etc.)..

6

Internet Explorer 10/11 for national languages.

There are some problems to the actual installation of these versions, if you are not actually interested in the installation of packages in English or German.
Currently, there are only these two languages​​, then I suggest you download a part of the package installer for your language and computer type (32/64 bit), and consider this application only as a preliminary to the actual installation of the utility package of your language.
Obviously this complicates life a bit, but if you can not navigate freely, it is the only choice.
To recap: Update with IE10 choice, restart, and install the package for IE10 in the required language, then the same thing for IE11.
A dispassionate advice: do not try to add your package to update your current package WSUSoffline, in the same direction packages English and German. It does not work that way.

7

Interesting additions of 2015

For those interested in the installation package of Windows Essentials, was added recently (March 2015) this secondary option, to be selected in the client at the time of being updated.
Still free, unless you have something better in the group of your applications.
To install these free programs, together with MS Security Essentials and its updates, it is essential a genuine copy of the operating system.
At the time of starting the installation from this road, assessed the practical feasibility of the thing.
You should find a way to validate your copy online (just do it once).
Also I do not recommend you to make these updates while the computer is in the possibility to upgrade to navigate online.
Most likely it has already started to download more updates on their own, according to the initial setting, and might be in conflict with what you are trying to add.
I usually momentarily I disable the Internet on the computers, both wired and wifi.
Nothing worse than discovering that you have lost half a day to find out that Windows Update forces you to do it again almost from scratch.

8

Limitations of this utility

Despite having evolved over the years, the goals have remained almost the same: keep updated computers even when they are not able to reach the Internet.
But it remains a simple and secure update level, a generic level, which is to overcome the most known problems in the least time-consuming.
So if you want to get updated drivers for devices, you'll have to do it by yourself, manually, or provide an internet connection, from time to time.
There are a number of applications that allow you to promptly update the drivers on line, without great difficulty, moreover also WINDOWS Update itself releases updates to the driver (often optional).
Plus if you want the highest level of security, you must provide in other ways, considering this as a good place to start, help to keep clear and fast your external connection.
Also, if you own versions of the old still running operating systems, you will not find here the possibility to download updates: cheat a reason and time to create a DVD with the necessary updates to legacy versions, before they go out by deadlines.

Conclusion

As often happens, the most precious things are donated free of charge.
This is one of the cases: of course we give our gratitude to those who made ​​it possible.

As I already said, valued the hours of work and waiting spared, and then try to do a fair cash offer to the creators, also to allow them to maintain activity in this useful project.

I checked my folder wsusoffline (only one language for all options): the occupation is about 15 GB. Personally I have two allocations. The first is on a Win7 computer that navigates freely, and it works for the best for both. The second is an external disk, mirrored the first. This is used from time to time on stand-alone computers or severe restrictions to navigation, but it can in turn be copied in full on other computers, to avoid re-download the loot. I've edited and updated the occupation to 15 GB.
I hope that this will help you.

WSUS offline is great however a few updates is misses, combining them misses naught any updates, my personal repo is about 120 GIGS however it includes updates for alt-langs.. and archives Windows xp **Everything** etc.

however slip-streaming updates into my iso of windows 7 is about 16 gigs
Combining repos gives missing updates to wsus offline or the other that both miss. (16 gigs inc Firefox Chrome MS office 2007 full with Viseo & ms project and a few apps ie anti-virus and SP1 iso drivers for systems, )

as well putting WSUS on a usb stick means you have ALL updates , for windows 7 etc.
Also saving time. , as well if lazy and or new MS server you can post them to your WSUS 3.x server on windows 2008 .

I just went to download.wsusoffline.net to try and download the latest version. This was version 9.5. When I start the download my AV software tells me the file being downloaded contain AutoIt.B_7 (Worm). Has anybody see or heard anything about this? Thanks

Never had any problems about it: my use plan to download updates to the latest version, but no problem with the virus, even in dozens of installations on computers to update.
You are free to evaluate the many available alternatives, if you believe it.

Download updates is to be considered limited to the more secure, they should not give you any problem in most computers.
The need to consider updated at the time of discharge operation, and is to be repeated from time to time, usually retaining those already downloaded previously.
Even the new version of the program retain previous sessions, possibly eliminating only the KB subsequently updated by other more recent.
For those computers that will have to surf the internet, it will be essential to check thoroughly with Windows update, to add even more recent KB (therefore less tested).

Is possible that you set the folder read-only?
This application must necessarily create a folder with a random name (for example 2f707507b51a1776132b04555edd26be) where places the temporary files.
It may be tedious to remove them from time to time, but it works in this way.
If it is an insurmountable problem, you just have to copy the folder "client" locally, and delete it at the end.

Has anybody successfully used WSUS offline to download the updates but then managed to extract the downloaded updates and import them into your offline Microsoft Windows Server Update Service? At the moment it looks like you use the app to download the updates and then use the app to perform the updates.

Unfortunately I can not help you in this regard, although the issue seems relevant.
I do not think that the two services operate the same way, while using a similar mechanism, but it would be interesting to understand how to operate a clutch. I advise you to ask this question at their blog.